From 4470052c3b6bdeb18e45987f8aa293d1e93d0552 Mon Sep 17 00:00:00 2001
From: Ludc <2870569285@qq.com>
Date: 星期二, 18 十一月 2025 11:59:12 +0800
Subject: [PATCH] 所有文件上传接口增加文件安全校验逻辑。
---
Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/CodeClassifyServiceImpl.java | 159 ++++++++++++++++++++++++++++++++++++++++++++---------
1 files changed, 132 insertions(+), 27 deletions(-)
diff --git a/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/CodeClassifyServiceImpl.java b/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/CodeClassifyServiceImpl.java
index 891948a..43a3678 100644
--- a/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/CodeClassifyServiceImpl.java
+++ b/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/CodeClassifyServiceImpl.java
@@ -49,6 +49,8 @@
import com.vci.ubcs.starter.web.util.LangBaseUtil;
import com.vci.ubcs.starter.web.util.VciBaseUtil;
import com.vci.ubcs.system.cache.NacosConfigCache;
+import com.vci.ubcs.system.dto.ClassifyAuthDTO;
+import com.vci.ubcs.system.feign.ISysClient;
import org.apache.poi.hssf.util.HSSFColor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -71,10 +73,8 @@
import java.io.File;
import java.util.*;
import java.util.stream.Collectors;
-import java.util.stream.Stream;
import static com.vci.ubcs.code.constant.FrameWorkDefaultValueConstant.*;
-import static com.vci.ubcs.starter.web.util.VciBaseUtil.getTableName;
@Service
public class CodeClassifyServiceImpl extends ServiceImpl<CodeClassifyMapper, CodeClassify> implements ICodeClassifyService {
@@ -92,7 +92,7 @@
private IBtmTypeClient btmTypeClient;
@Resource
- private CommonsMapper commonsMapper;
+ private ISysClient sysClient;
/**
* 鏃ュ織
@@ -115,10 +115,12 @@
@Resource
private CodeBasicSecMapper codeBasicSecMapper;
+
/**
* 涓婄骇鑺傜偣鐨勫睘鎬у悕绉�
*/
public static final String PARENT_FIELD_NAME = "parentCodeClassifyOid";
+
/**
* 浣跨敤鏌ヨ灏佽鍣ㄦ潵鏌ヨ
* @param wrapper 鏌ヨ灏佽鍣�
@@ -155,6 +157,7 @@
* @param
*/
@Override
+ @Transactional(rollbackFor = Exception.class)
public R addSave(CodeClassify codeClassifyEntity) {
try {
VciBaseUtil.alertNotNull(codeClassifyEntity.getId(),"涓婚搴撶紪鍙蜂笉鑳戒负绌猴紒",codeClassifyEntity.getName(),"涓婚搴撳悕绉颁笉鑳戒负绌猴紒");
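Review bot: The `@Transactional(rollbackFor = Exception.class)` added to `addSave` only rolls back when an exception actually leaves the method, and the body opens a `try {` on its first line whose `catch` is outside this hunk. If that catch converts exceptions into a failed `R`, the `ServiceException` thrown in the following hunk when the default-authorization call fails is swallowed, and the inserted classification commits without its permissions. Confirm the catch rethrows, or mark the transaction there with `TransactionAspectSupport.currentTransactionStatus().setRollbackOnly();`.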
@@ -181,8 +184,19 @@
}
DefaultAttrAssimtUtil.addDefaultAttrAssimt(codeClassifyEntity, MdmBtmTypeConstant.CODE_CLASSIFY);
codeClassifyEntity.setLcStatus(FRAMEWORK_DATA_ENABLED);
- int insertNumber = codeClassifyMapper.insert(codeClassifyEntity);
- return R.status(SqlHelper.retBool(insertNumber));
+ boolean resBoolean = SqlHelper.retBool(codeClassifyMapper.insert(codeClassifyEntity));
+ if (!resBoolean) {
+ return R.status(resBoolean);
+ }
+ // 鍒嗙被娣诲姞鎴愬姛锛岀粰绯荤粺绠$悊鍛樺拰褰撳墠瑙掕壊澧炲姞鍒嗙被鏉冮檺鍜屾暟鎹潈闄�
+ ClassifyAuthDTO classifyAuthDTO = new ClassifyAuthDTO();
+ classifyAuthDTO.setClassifyId(codeClassifyEntity.getOid());
+// classifyAuthDTO.setClassId(codeClassifyEntity.getId());
+ R r = sysClient.saveAddClassifyDefaultAuth(classifyAuthDTO);
+ if (!r.isSuccess()) {
+ throw new ServiceException("缁欒鑹叉巿浜堥粯璁ゆ潈闄愭椂鍑虹幇閿欒锛屽師鍥狅細"+r.getMsg());
+ }
+ return R.status(resBoolean);
}
/**
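Review bot: `sysClient.saveAddClassifyDefaultAuth(classifyAuthDTO)` is a remote client call and is not covered by the local transaction, so a timeout or error after the remote side has persisted leaves authorization rows pointing at a classification whose insert was rolled back. The remote operation should be idempotent or have a compensating delete, and that assumption should be stated in a comment above the call. The exception message also appends `r.getMsg()` from the remote service; if `ServiceException` messages are returned to the client, log the remote detail and return a generic message instead. The commented-out `// classifyAuthDTO.setClassId(...)` line should be removed rather than committed.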
@@ -509,7 +523,7 @@
* @return 涓婚搴撳垎绫绘樉绀烘爲
*/
@Override
- public List<Tree> referTree(TreeQueryObject treeQueryObject) {
+ public List<Tree> referTree(TreeQueryObject treeQueryObject) throws ServiceException{
if(treeQueryObject == null){
treeQueryObject = new TreeQueryObject();
}
@@ -519,7 +533,7 @@
if(treeQueryObject.getConditionMap().containsKey(LC_STATUS)) {
treeQueryObject.getConditionMap().remove(LC_STATUS);
}
- if(treeQueryObject.getExtandParamsMap() ==null || !treeQueryObject.getExtandParamsMap().containsKey(REFER_SHOW_DISABLED_QUERY_KEY)) {
+ if(treeQueryObject.getExtandParamsMap() == null || !treeQueryObject.getExtandParamsMap().containsKey(REFER_SHOW_DISABLED_QUERY_KEY)) {
}
treeQueryObject.getConditionMap().put(LC_STATUS, FRAMEWORK_DATA_ENABLED);
return treeCodeClassify(treeQueryObject);
@@ -549,7 +563,7 @@
* @return 涓婚搴撳垎绫� 鏄剧ず鏍�
*/
@Override
- public List<Tree> treeCodeClassify(TreeQueryObject treeQueryObject) {
+ public List<Tree> treeCodeClassify(TreeQueryObject treeQueryObject) throws ServiceException{
List<CodeClassify> doList = null;
String id = null;
String lcStatus = null;
@@ -559,6 +573,7 @@
}
if(StringUtils.isNotBlank(id) || StringUtils.isNotBlank(lcStatus) ){
//String tableName = this.getTableName(treeQueryObject.getConditionMap().get("btmTypeId"),treeQueryObject.getConditionMap().get("id"), treeQueryObject.getConditionMap().get("lcStatus"));
+ // TODO: 2024-1-24 23:25鎴戝幓鎺変簡鎳掑姞杞斤紝鍥犱负浼氬奖鍝嶆暟鎹巿鏉冭繃婊ゅ拰鍒嗙被鎼滅储鍔熻兘锛岃�屼笖杩欏効鎰熻娌″繀瑕佸仛鎳掑姞杞�
doList = codeClassifyMapper
.selectCodeClassifyDOByTree(
treeQueryObject.getConditionMap().get("id"),
@@ -577,23 +592,71 @@
List<CodeClassifyVO> voList = codeClassifyDO2VOs(doList);
TreeWrapperOptions treeWrapperOptions = new TreeWrapperOptions(PARENT_FIELD_NAME);
treeWrapperOptions.copyFromTreeQuery(treeQueryObject);
- List<Tree> tree= revisionModelUtil.doList2Trees(voList,treeWrapperOptions,(CodeClassifyVO s) ->{
+ List<Tree> tree = revisionModelUtil.doList2Trees(voList,treeWrapperOptions,(CodeClassifyVO s) ->{
//鍙互鍦ㄨ繖閲屽鐞嗘爲鑺傜偣鐨勬樉绀�
return s.getId() + " " + s.getName() + (FrameworkDataLCStatus.DISABLED.getValue().equalsIgnoreCase(s
.getLcStatus()) ? (" 銆愬仠鐢ㄣ�� ") : "");
});
+ // 闈炶秴绠¤繃婊ゆ湭鎺堟潈鐨勫垎绫�
+ if(!VciBaseUtil.checkAdminTenant()){
+ // 閭d簺鍒嗙被鍏峰鏌ョ湅鏉冮檺
+ R<List<String>> viewClassByRoleIds = sysClient.getViewClassByRoleIds(
+ Arrays.asList(AuthUtil.getUser().getRoleId().split(",")),
+ treeQueryObject.getConditionMap().getOrDefault("authType","classify_auth"),
+ treeQueryObject.getConditionMap().getOrDefault("buttonCode","classify_view"),
+ treeQueryObject.getConditionMap().getOrDefault("menuCode","classifyTree")
+ );
+ // 璇锋眰澶辫触鎴栬�呰姹傚緱鍒扮殑鍏峰鏌ョ湅鏉冮檺鐨勫垎绫籭d闆嗗悎涓虹┖
+ if(!viewClassByRoleIds.isSuccess() && viewClassByRoleIds.getData().isEmpty()){
+ throw new ServiceException("涓绘暟鎹煡鐪嬫潈闄愭湭閰嶇疆锛屾垨閰嶇疆鏈夎锛�");
+ }
+ // 杩囨护
+ filterTreeNodes(tree,viewClassByRoleIds.getData());
+ }
+ // 鍔犺浇鍒嗙被鏄惁鍏锋湁瀛愬垎绫�
+ tree.parallelStream().forEach(item -> {
+ boolean checkHasChild = checkHasChild(item.getOid());
+ item.setLeaf(!checkHasChild);
+ });
+ return tree;
+ }
- Iterator var6 = tree.listIterator();
- while(var6.hasNext()){
- Tree trees = (Tree) var6.next();
- boolean checkHasChild=codeClassifyMapper.checkHasChild(trees.getOid());
- if(checkHasChild){
- trees.setLeaf(false);
- }else{
- trees.setLeaf(true);
+ /**
+ * 鍒嗙被鎺堟潈杩囨护鎺夋病鏈夋潈闄愮殑鍒嗙被
+ * @param trees
+ * @param classifyIds
+ */
+ private void filterTreeNodes(List<Tree> trees, List<String> classifyIds) {
+ Iterator<Tree> iterator = trees.iterator();
+ while (iterator.hasNext()) {
+ Tree tree = iterator.next();
+ /*Boolean checkHasChild = checkHasChild(tree.getOid());
+ tree.setLeaf(!checkHasChild);*/
+ if (classifyIds.contains(tree.getOid())) {
+ // 濡傛灉椤跺眰鑺傜偣瀛樺湪 classifyIds 锛岀洿鎺ヤ繚鐣欏叾瀛愯妭鐐归泦鍚�
+ continue;
+ }
+ if (tree.getChildren() != null && !tree.getChildren().isEmpty()) {
+ filterTreeNodes(tree.getChildren(), classifyIds);
+ }
+ if (!hasMatchingChild(tree, classifyIds)) {
+ iterator.remove();
}
}
- return tree;
+ }
+
+ private boolean hasMatchingChild(Tree tree, List<String> classifyIds) {
+ if (classifyIds.contains(tree.getOid())) {
+ return true;
+ }
+ if (tree.getChildren() != null) {
+ for (Tree child : tree.getChildren()) {
+ if (hasMatchingChild(child, classifyIds)) {
+ return true;
+ }
+ }
+ }
+ return false;
}
/**
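Review bot: The guard `if(!viewClassByRoleIds.isSuccess() && viewClassByRoleIds.getData().isEmpty())` uses `&&`, so it throws only when the call failed and also returned an empty list. A failed call with `null` data raises a NullPointerException instead, and a failed call that still carries data goes on to `filterTreeNodes`. An authorization filter should fail closed: `if(!viewClassByRoleIds.isSuccess() || viewClassByRoleIds.getData() == null || viewClassByRoleIds.getData().isEmpty()){`. Separately, `authType`, `buttonCode` and `menuCode` are read from `treeQueryObject.getConditionMap()`; if that map is filled from the request, the caller chooses which permission is evaluated, so these keys should be fixed server-side or checked against an allow-list. `tree.parallelStream()` also runs `checkHasChild` on pool threads, where thread-bound tenant or user context may be absent, which is worth confirming.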
@@ -688,7 +751,28 @@
if(codeClassifies.isEmpty()){
return "";
}
- String oids = codeClassifies.stream().map(CodeClassify::getOid).collect(Collectors.joining(","));
+ String oids = codeClassifies.stream()
+ .map(CodeClassify::getOid)
+ .map(s -> "'" + s + "'")
+ .collect(Collectors.joining(","));;
+ return oids;
+ }
+
+ /**
+ * 鏍规嵁椤跺眰鑺傜偣oid鏌ヨ鎵�鏈夊彾瀛愯妭鐐瑰垎绫籵id
+ * @param pid
+ * @return
+ */
+ @Override
+ public String selectLeafByPid(String pid) {
+ List<CodeClassify> codeClassifies = codeClassifyMapper.selectLeafByPid(pid);
+ if(codeClassifies.isEmpty()){
+ return "";
+ }
+ String oids = codeClassifies.stream()
+ .map(CodeClassify::getOid)
+ .map(s ->s)
+ .collect(Collectors.joining(","));;
return oids;
}
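Review bot: The first change wraps every oid in single quotes before joining, which turns the return value of this existing method into a hand-built SQL `IN` fragment and changes what current callers receive; the method's start is outside the hunk. If the string is spliced into SQL text, pass the oid list to the mapper and bind it (MyBatis `<foreach>` with `#{}`) rather than concatenating quotes. In the new `selectLeafByPid`, `.map(s ->s)` is a no-op and both pipelines end in `;;`. Its Javadoc `@param pid` and `@return` are empty and should state that a comma-separated oid string is returned, or `""` when nothing matches.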
@@ -697,7 +781,6 @@
*/
@Override
public R flowingDependencyGen(String classifyOid) {
-
//鏌ヨ姝ゅ垎绫讳笅闈㈢殑鎵�鏈夊垎绫�
List<CodeClassify> codeClassifyList=codeClassifyMapper.selectAllClassifyByOid(classifyOid,AuthUtil.getTenantId(),null);
//鏌ヨ鐮佸�艰〃锛岃幏鍙栨渶澶ф祦姘�
@@ -705,6 +788,17 @@
.map(classfiy -> classfiy.getOid()).collect(Collectors.joining("','")) + "'","'${sav}'");
//寰�娴佹按琛ㄩ噷闈㈠姞鏁版嵁锛屾湁鍒欐洿鏂帮紝鏃犲垯娣诲姞鏁版嵁銆�
for (CodeAllCode codeAllCodeVO : codeAllCodeVOS) {
+ if(Func.isEmpty(codeAllCodeVO.getSerialUnit())){
+ throw new ServiceException("缂栫爜涓猴細" + codeAllCodeVO.getId() + "鐨勭爜鍊兼暟鎹祦姘翠緷璧栦笉鑳戒负绌猴紒");
+ }
+ try {
+ CodeRuleVO codeRuleVO = codeRuleService.getObjectByOid(codeAllCodeVO.getCodeRuleOid());
+ if(Func.isEmpty(codeRuleVO)){
+ continue;
+ }
+ }catch (Exception e){
+ continue;
+ }
QueryWrapper<CodeBasicSec> secWrapper = new QueryWrapper<>();
secWrapper.eq("PKCODERULE",codeAllCodeVO.getCodeRuleOid());
secWrapper.eq("SECTYPE","codeserialsec");
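Review bot: The added `catch (Exception e){ continue; }` discards every failure from `codeRuleService.getObjectByOid(...)` without a trace, so a database or remote error looks the same as a missing rule and the record is skipped silently. Log the exception together with the code rule oid through the class's SLF4J logger before continuing, and catch a narrower type if the service declares one. The new `throw new ServiceException(...)` for an empty `getSerialUnit()` sits inside the loop, so earlier iterations may already have written data. Whether `flowingDependencyGen` runs in a transaction is not visible in this hunk.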
@@ -1393,15 +1487,28 @@
if(!CollectionUtils.isEmpty(dataList)){
for(Map data:dataList){
CodeClassify codeClassifyDO = new CodeClassify();
- codeClassifyDO.setOid(VciBaseUtil.getStringValueFromObject(data.get("OID")));
- codeClassifyDO.setId(VciBaseUtil.getStringValueFromObject(data.get("ID")));
- codeClassifyDO.setName(VciBaseUtil.getStringValueFromObject(data.get("NAME")));
- codeClassifyDO.setBtmTypeId(VciBaseUtil.getStringValueFromObject(data.get("BTMTYPEID")));
- codeClassifyDO.setBtmTypeName(VciBaseUtil.getStringValueFromObject(data.get("BTMTYPENAME")));
+ codeClassifyDO.setOid(VciBaseUtil.getStringValueFromObject(VciBaseUtil.getMapValueIgnoreCase(data,"OID")));
+ codeClassifyDO.setId(VciBaseUtil.getStringValueFromObject(VciBaseUtil.getMapValueIgnoreCase(data,"ID")));
+ codeClassifyDO.setName(VciBaseUtil.getStringValueFromObject(VciBaseUtil.getMapValueIgnoreCase(data,"NAME")));
+ codeClassifyDO.setBtmTypeId(VciBaseUtil.getStringValueFromObject(VciBaseUtil.getMapValueIgnoreCase(data,"BTMTYPEID")));
+ codeClassifyDO.setBtmTypeName(VciBaseUtil.getStringValueFromObject(VciBaseUtil.getMapValueIgnoreCase(data,"BTMTYPENAME")));
oidList.add(codeClassifyDO);
}
}
return oidList;
+ }
+
+ /**
+ * 鏌ヨ鎵�鏈変笂灞傜埗鑺傜偣鐨刼id
+ * @param oid
+ * @return
+ */
+ @Override
+ public List<String> selectAllParentOid(String oid){
+ if(Func.isBlank(oid)){
+ return new ArrayList<>();
+ }
+ return this.codeClassifyMapper.selectAllParentOid(oid);
}
/**
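Review bot: `selectAllParentOid(String oid)` passes only the oid to the mapper, whereas `flowingDependencyGen` in this file calls `selectAllClassifyByOid(classifyOid, AuthUtil.getTenantId(), null)` with an explicit tenant id. The mapper SQL is not visible here, so confirm the parent lookup is tenant-scoped, either in the query or by a tenant interceptor. The same question applies to `selectLeafByPid(pid)` in the earlier hunk. The Javadoc `@param oid` and `@return` are empty and should say that a blank oid yields an empty list.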
@@ -1448,7 +1555,5 @@
wrapper.eq("parentCodeClassifyOid",codeClassifyOid);
return codeClassifyMapper.selectCount(wrapper).intValue();
}
-
-
}
--
Gitblit v1.9.3